DeCarabas/fwd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat: Discover docker ports as well

Browse source 
If processes are running in a container then the fwd process
can't read their internal FDs without the CAP_SYS_ADMIN property
which is equivalent to sudo. Even with sudo, I think you need to do
a lot of work to be able to read them -- spawning a process within
the cgroup, doing work there, and then communicating back.

This just uses the docker api to populate some default ports, which
later get overwritten if fwd can find a native process.

The Docker port scan takes about 1.5ms, and the full port scan takes
40+ms, so this adds basically no overhead.
This commit is contained in:
Brandon W Maister 2024-07-31 10:27:30 -04:00 committed by John Doty
parent 66da323481
commit 6c10d8eece
4 changed files with 707 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Cargo.toml
View file

@ -15,6 +15,7 @@ bench = false
[dependencies]
anyhow = "1.0"
bollard = "0.17.0"
bytes = "1"
copypasta = "0.10.1"
crossterm = { version = "0.25", features = ["event-stream"] }